Fixed offload issue for qat hw aes-ccm and sm3 when modules removed

Signed-off-by: Tirupatigopi Ravulapalli <ravulapallix.tirupatigopi@intel.com>

Author: ravulapx

e_qat.c

@@ -182,9 +182,9 @@ int fallback_to_openssl = 0;
 int qat_openssl3_prf_fallback = 0;
 int qat_openssl3_hkdf_fallback = 0;
 int qat_openssl3_sm2_fallback = 0;
-int qat_openssl3_sm3_fallback = 0;
 int qat_openssl3_sha_fallback = 0;
 #endif
+int qat_openssl3_sm3_fallback = 0;
 int fallback_to_qat_sw = 0; /* QAT HW initialize fail, offload to QAT SW. */
 int qat_hw_offload = 0;
 int qat_sw_offload = 0;
@@ -1379,7 +1379,7 @@ int bind_qat(ENGINE *e, const char *id)
  INFO("QAT_SW SM3 for Provider Enabled\n");
 # endif
 # ifdef ENABLE_QAT_HW_CCM
-  qat_hw_aes_ccm_offload = 1;
+ if (qat_hw_aes_ccm_offload)
  INFO("QAT_HW AES-CCM for Provider Enabled\n");
 # endif
 #endif

e_qat.h

@@ -405,9 +405,9 @@ extern int fallback_to_openssl;
 extern int qat_openssl3_prf_fallback;
 extern int qat_openssl3_hkdf_fallback;
 extern int qat_openssl3_sm2_fallback;
-extern int qat_openssl3_sm3_fallback;
 extern int qat_openssl3_sha_fallback;
 #endif
+extern int qat_openssl3_sm3_fallback;
 extern int fallback_to_qat_sw; /* QAT HW initialization fail, offload to QAT SW. */
 extern int qat_hw_offload;
 extern int qat_sw_offload;

qat_hw_ccm.c

@@ -1599,6 +1599,12 @@ int qat_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  return RET_FAIL;
  }
 
+ if (qat_get_qat_offload_disabled()) {
+DEBUG("- Switched to software mode\n");
+ fallback = 1;
+goto end;
+ }
+
  DEBUG("enc = %d - ctx = %p, out = %p, in = %p, len = %zu\n",
  enc, (void *)ctx, (void *)out, (void *)in, len);
 

qat_hw_sm3.c

@@ -468,6 +468,25 @@ int qat_hw_sm3_init(EVP_MD_CTX *ctx)
  return sts;
  }
 # endif
+#else
+ if ((!qat_hw_sm3_offload) || (qat_get_qat_offload_disabled())) {
+ QAT_SM3_CTX *qat_sm3_ctx = (QAT_SM3_CTX *) ctx;
+ qat_sm3_ctx->sw_md_ctx = EVP_MD_CTX_new();
+ if (qat_sm3_ctx->sw_md_ctx == NULL) {
+ WARN("EVP_MD_CTX_new failed.\n");
+ }
+ qat_sm3_ctx->sw_md = EVP_MD_fetch(NULL, "sm3", "provider=default");
+ if (qat_sm3_ctx->sw_md == NULL) {
+ WARN("EVP_MD_fetch failed.\n");
+ }
+ if (!EVP_DigestInit_ex(qat_sm3_ctx->sw_md_ctx,
+ qat_sm3_ctx->sw_md, NULL)) {
+ WARN("Software calculate failed \n");
+ return 0;
+ }
+ DEBUG("SW Init Finished %p\n", qat_sm3_ctx);
+ return 1;
+ }
 #endif
  return 1;
 }
@@ -514,13 +533,6 @@ int qat_hw_sm3_update(EVP_MD_CTX *ctx, const void *in, size_t len)
  QATerr(QAT_F_QAT_HW_SM3_UPDATE, QAT_R_INVALID_INPUT);
  return 0;
  }
-
-# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
- if (qat_openssl3_sm3_fallback == 1) {
- DEBUG("- Switched to software mode\n");
- goto fallback;
- }
-# endif
 #ifdef QAT_OPENSSL_PROVIDER
  qat_sm3_ctx = (QAT_SM3_CTX *)ctx;
 #else
@@ -532,6 +544,10 @@ int qat_hw_sm3_update(EVP_MD_CTX *ctx, const void *in, size_t len)
  return 0;
  }
 
+ if ((qat_openssl3_sm3_fallback == 1) || (!qat_hw_sm3_offload) || (qat_get_qat_offload_disabled())) {
+ DEBUG("- Switched to software mode\n");
+ goto fallback;
+ }
  qat_sm3_ctx->rcv_count += len;
  DUMPL("sm3 hw update receive", in, len);
 
@@ -599,12 +615,19 @@ int qat_hw_sm3_update(EVP_MD_CTX *ctx, const void *in, size_t len)
 #endif
  return 1;
 
-# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
 fallback:
+# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
  sw_fn_ptr = EVP_MD_meth_get_update((EVP_MD *)EVP_sm3());
  sts = (*sw_fn_ptr)(ctx, in, len);
  DEBUG("SW Finished %p\n", ctx);
  return sts;
+# else
+ if (!EVP_DigestUpdate(qat_sm3_ctx->sw_md_ctx, in, len)) {
+ WARN("Software calculate failed \n");
+ return 0;
+ }
+ DEBUG("SW Update Finished %p\n", qat_sm3_ctx);
+ return 1;
 # endif
 }
 
@@ -676,14 +699,6 @@ int qat_hw_sm3_final(EVP_MD_CTX *ctx, unsigned char *md)
  QATerr(QAT_F_QAT_HW_SM3_FINAL, QAT_R_INPUT_PARAM_INVALID);
  return 0;
  }
-
-# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
- if (qat_openssl3_sm3_fallback == 1) {
- DEBUG("- Switched to software mode\n");
- goto fallback;
- }
-# endif
-
 #ifdef QAT_OPENSSL_PROVIDER
  qat_sm3_ctx = (QAT_SM3_CTX *)ctx;
 #else
@@ -694,6 +709,12 @@ int qat_hw_sm3_final(EVP_MD_CTX *ctx, unsigned char *md)
  QATerr(QAT_F_QAT_HW_SM3_FINAL, QAT_R_CTX_NULL);
  return 0;
  }
+
+ if ((qat_openssl3_sm3_fallback == 1) || (!qat_hw_sm3_offload) || (qat_get_qat_offload_disabled())) {
+ DEBUG("- Switched to software mode\n");
+ goto fallback;
+ }
+
 # ifndef ENABLE_QAT_SMALL_PKT_OFFLOAD
  if (qat_sm3_ctx->rcv_count <= CRYPTO_SMALL_PACKET_OFFLOAD_THRESHOLD_HW_SM3) {
  /* Software calculation can start from init, because SPO threshold will
@@ -748,12 +769,19 @@ int qat_hw_sm3_final(EVP_MD_CTX *ctx, unsigned char *md)
 
  return 1;
 
-# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
 fallback:
+# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
  sw_fn_ptr = EVP_MD_meth_get_final((EVP_MD *)EVP_sm3());
  sts = (*sw_fn_ptr)(ctx, md);
  DEBUG("SW Finished %p\n", ctx);
  return sts;
+# else
+ if (!EVP_DigestFinal_ex(qat_sm3_ctx->sw_md_ctx, md, NULL)) {
+ WARN("Software calculate failed \n");
+ return 0;
+ }
+ DEBUG("SW Final Finished %p\n", qat_sm3_ctx);
+ return 1;
 # endif
 }
 

qat_prov_aes_ccm.c

@@ -112,6 +112,37 @@ QAT_EVP_CIPHER get_default_cipher_aes_ccm(int nid)
  return ccm_cipher;
 }
 
+static int qat_aes_ccm_tls_init(QAT_PROV_CCM_CTX *ctx, unsigned char *aad, size_t alen)
+{
+ size_t len;
+
+ if (!qat_prov_is_running() || alen != EVP_AEAD_TLS1_AAD_LEN)
+ return 0;
+
+ /* Save the aad for later use. */
+ memcpy(ctx->buf, aad, alen);
+ ctx->tls_aad_len = alen;
+
+ len = ctx->buf[alen - 2] << 8 | ctx->buf[alen - 1];
+ if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+ return 0;
+
+ /* Correct length for explicit iv. */
+ len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+
+ if (!ctx->enc) {
+ if (len < ctx->M)
+ return 0;
+ /* Correct length for tag. */
+ len -= ctx->M;
+ }
+ ctx->buf[alen - 2] = (unsigned char)(len >> 8);
+ ctx->buf[alen - 1] = (unsigned char)(len & 0xff);
+
+ /* Extra padding: tag appended to record. */
+ return ctx->M;
+}
+
 static void *qat_aes_ccm_newctx(void *provctx, size_t keybits, int nid)
 {
  QAT_PROV_AES_CCM_CTX *ctx = NULL;
@@ -139,10 +170,12 @@ size_t qat_aes_ccm_get_ivlen(QAT_PROV_CCM_CTX * ctx)
  return QAT_AES_CCM_OP_VALUE - ctx->L;
 }
 
-int qat_aes_ccm_einit(void *ctx, const unsigned char *inkey, size_t keylen,
- const unsigned char *iv, size_t ivlen, int enc)
+int qat_aes_ccm_einit(void *vctx, const unsigned char *inkey, size_t keylen,
+ const unsigned char *iv, size_t ivlen, const OSSL_PARAM param[])
 {
  int sts = 0;
+ QAT_PROV_CCM_CTX *ctx = (QAT_PROV_CCM_CTX *) vctx;
+ ctx->enc = 1;
 # if !defined(QAT20_OOT) && !defined(QAT_HW_INTREE) \
  && !defined(QAT_HW_FBSD_OOT) && !defined(QAT_HW_FBSD_INTREE)
  QAT_PROV_CCM_CTX *qctx = (QAT_PROV_CCM_CTX *) ctx;
@@ -162,16 +195,23 @@ int qat_aes_ccm_einit(void *ctx, const unsigned char *inkey, size_t keylen,
  return sts;
  }
 # endif
- if (qat_hw_aes_ccm_offload)
+ if (qat_hw_aes_ccm_offload) {
  sts = qat_aes_ccm_init(ctx, inkey, keylen, iv, ivlen, 1);
+ if (sts != 1) {
+ QATerr(ERR_LIB_PROV, QAT_R_EINIT_OPERATION_FAILED);
+ return sts;
+ }
+ }
 
- return sts;
+ return qat_aes_ccm_set_ctx_params(ctx, param);
 }
 
-int qat_aes_ccm_dinit(void *ctx, const unsigned char *inkey, size_t keylen,
- const unsigned char *iv, size_t ivlen, int enc)
+int qat_aes_ccm_dinit(void *vctx, const unsigned char *inkey, size_t keylen,
+ const unsigned char *iv, size_t ivlen, const OSSL_PARAM param[])
 {
  int sts = 0;
+ QAT_PROV_CCM_CTX *ctx = (QAT_PROV_CCM_CTX *) vctx;
+ ctx->enc = 0;
 # if !defined(QAT20_OOT) && !defined(QAT_HW_INTREE) \
  && !defined(QAT_HW_FBSD_OOT) && !defined(QAT_HW_FBSD_INTREE)
  QAT_PROV_CCM_CTX *qctx = (QAT_PROV_CCM_CTX *) ctx;
@@ -192,10 +232,15 @@ int qat_aes_ccm_dinit(void *ctx, const unsigned char *inkey, size_t keylen,
  return sts;
  }
 # endif
- if (qat_hw_aes_ccm_offload)
+ if (qat_hw_aes_ccm_offload) {
  sts = qat_aes_ccm_init(ctx, inkey, keylen, iv, ivlen, 0);
+ if (sts != 1) {
+ QATerr(ERR_LIB_PROV, QAT_R_DINIT_OPERATION_FAILED);
+ return sts;
+ }
+ }
 
- return sts;
+ return qat_aes_ccm_set_ctx_params(ctx, param);
 }
 
 int qat_aes_ccm_stream_update(void *vctx, unsigned char *out,
@@ -239,7 +284,10 @@ int qat_aes_ccm_stream_update(void *vctx, unsigned char *out,
  return 0;
  }
  }
-
+ else {
+ /* Set *outl to NULL when offload is disabled to avoid garbage values and prevent errors. */
+ *outl = 0;
+ }
  return 1;
 
 }
@@ -269,11 +317,12 @@ int qat_aes_ccm_stream_final(void *vctx, unsigned char *out,
  }
 # endif
 
- if (qat_hw_aes_ccm_offload)
+ if (qat_hw_aes_ccm_offload) {
  i = qat_aes_ccm_cipher(ctx, out, outl, outsize, NULL, 0);
 
- if (i <= 0)
- return 0;
+ if (i <= 0)
+ return 0;
+ }
 
  *outl = 0;
  return 1;
@@ -486,6 +535,8 @@ int qat_aes_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
  if (qat_hw_aes_ccm_offload)
  sz = qat_aes_ccm_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, p->data_size,
  p->data);
+else
+ sz = qat_aes_ccm_tls_init(ctx, p->data, p->data_size);
 
  if (sz == 0) {
  QATerr(ERR_LIB_PROV, QAT_R_INVALID_DATA);

qat_prov_aes_ccm.h

@@ -234,9 +234,9 @@ void qat_aes_ccm_init_ctx(void *provctx, QAT_PROV_CCM_CTX * ctx, size_t keybits,
 int qat_aes_ccm_get_ctx_params(void *vctx, OSSL_PARAM params[]);
 int qat_aes_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[]);
 int qat_aes_ccm_einit(void *ctx, const unsigned char *inkey, size_t keylen,
- const unsigned char *iv, size_t ivlen, int enc);
+ const unsigned char *iv, size_t ivlen, const OSSL_PARAM params[]);
 int qat_aes_ccm_dinit(void *ctx, const unsigned char *inkey, size_t keylen,
- const unsigned char *iv, size_t ivlen, int enc);
+ const unsigned char *iv, size_t ivlen, const OSSL_PARAM params[]);
 int qat_aes_ccm_stream_update(void *ctx, unsigned char *out,
  size_t *outl, size_t outsize,
  const unsigned char *in, size_t inl);

qat_prov_sm3.c

@@ -122,19 +122,33 @@ static void *qat_sm3_newctx(void *prov_ctc)
  return ctx;
 }
 
+# ifdef ENABLE_QAT_HW_SM3
+static void qat_sm3_free_sw_md_ctx(QAT_SM3_CTX *ctx)
+{
+ EVP_MD_CTX_free(ctx->sw_md_ctx);
+ EVP_MD_free(ctx->sw_md);
+ ctx->sw_md_ctx = NULL;
+ ctx->sw_md = NULL;
+}
+# endif
+
 static void qat_sm3_freectx(void *vctx)
 {
 # ifdef ENABLE_QAT_HW_SM3
  QAT_SM3_CTX *ctx = (QAT_SM3_CTX *)vctx;
  if (!qat_hw_sm3_cleanup(ctx)){
  WARN("qat sm3 ctx cleanup failed.\n");
  }
+
+ if ((qat_hw_sm3_offload) && (!qat_get_qat_offload_disabled())) {
 # ifndef ENABLE_QAT_SMALL_PKT_OFFLOAD
- EVP_MD_CTX_free(ctx->sw_md_ctx);
- EVP_MD_free(ctx->sw_md);
- ctx->sw_md_ctx = NULL;
- ctx->sw_md = NULL;
+ qat_sm3_free_sw_md_ctx(ctx);
 # endif
+ } else {
+ if (ctx->rcv_count == 0) {
+ qat_sm3_free_sw_md_ctx(ctx);
+}
+ }
 # endif
 # ifdef ENABLE_QAT_SW_SM3
  QAT_SM3_CTX_mb *ctx = (QAT_SM3_CTX_mb *)vctx;
@@ -155,6 +169,11 @@ static void *qat_sm3_dupctx(void *ctx)
 # endif
  if (ret != NULL)
  *ret = *in;
+# ifdef ENABLE_QAT_HW_SM3
+ if ((!qat_hw_sm3_offload) || (qat_get_qat_offload_disabled())) {
+ ret->rcv_count = 1;
+ }
+# endif
  return ret;
 }